@harperfast/harper-pro 5.0.0-alpha.2 → 5.0.0-alpha.3

package/dist/security/sshKeyOperations.js

@@ -0,0 +1,343 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const joi_1 = __importDefault(require("joi"));
+const node_path_1 = require("node:path");
+const promises_1 = require("node:fs/promises");
+const validationWrapper_js_1 = require("../core/validation/validationWrapper.js");
+const harper_logger_js_1 = __importDefault(require("../core/utility/logging/harper_logger.js"));
+const hdbError_js_1 = require("../core/utility/errors/hdbError.js");
+const hdbTerms_ts_1 = require("../core/utility/hdbTerms.js");
+const environmentManager_js_1 = __importDefault(require("../core/utility/environment/environmentManager.js"));
+const replicator_ts_1 = require("../replication/replicator.js");
+// SSH key name can only be alphanumeric, dash and underscores
+const SSH_KEY_NAME_REGEX = /^[a-zA-Z0-9-_]+$/;
+const SSH_KEY_NAME_ERROR_MSG = 'SSH key name can only contain alphanumeric, dash and underscore characters';
+// Helper function to check if a file or directory exists
+const exists = async (path) => (0, promises_1.access)(path, promises_1.constants.F_OK)
+    .then(() => true)
+    .catch(() => false);
+// Helper function to write a file ensuring the directory exists
+async function writeFileEnsureDir(filePath, data) {
+    await (0, promises_1.mkdir)((0, node_path_1.dirname)(filePath), { recursive: true });
+    await (0, promises_1.writeFile)(filePath, data);
+}
+const addValidationSchema = joi_1.default.object({
+    name: joi_1.default.string().pattern(SSH_KEY_NAME_REGEX).required().messages({ 'string.pattern.base': SSH_KEY_NAME_ERROR_MSG }),
+    key: joi_1.default.string().required(),
+    host: joi_1.default.string().required(),
+    hostname: joi_1.default.string().required(),
+    known_hosts: joi_1.default.string().optional(),
+});
+const getSSHKeyValidationSchema = joi_1.default.object({
+    name: joi_1.default.string().required(),
+});
+const updateSSHKeyValidationSchema = joi_1.default.object({
+    name: joi_1.default.string().required(),
+    key: joi_1.default.string().required(),
+});
+const deleteSSHKeyValidationSchema = joi_1.default.object({
+    name: joi_1.default.string().required(),
+});
+const setSSHKnownHostsValidationSchema = joi_1.default.object({
+    known_hosts: joi_1.default.string().required(),
+});
+function getSSHPaths(keyName) {
+    const rootDir = environmentManager_js_1.default.get(hdbTerms_ts_1.CONFIG_PARAMS.ROOTPATH);
+    const sshDir = (0, node_path_1.join)(rootDir, 'ssh');
+    const filePath = keyName ? (0, node_path_1.join)(sshDir, keyName + '.key') : undefined;
+    const configFile = (0, node_path_1.join)(sshDir, 'config');
+    const knownHostsFile = (0, node_path_1.join)(sshDir, 'known_hosts');
+    return { sshDir, filePath, configFile, knownHostsFile };
+}
+/**
+ * Adds a new SSH key along with its associated SSH config block and optional
+ * known_hosts entries. If the hostname is `github.com`, GitHub's public SSH
+ * keys are automatically fetched and added to the known_hosts file.
+ *
+ * @param req - The request object containing the SSH key details.
+ * @param req.name - The name of the SSH key to add.
+ * @param req.key - The SSH key contents to write to disk.
+ * @param req.host - The Host alias to use in the SSH config block.
+ * @param req.hostname - The HostName (real hostname) to use in the SSH config block.
+ * @param req.known_hosts - Optional known_hosts entries to append to the known_hosts file.
+ * @returns An object containing a success message and optional replication results.
+ */
+async function addSSHKey(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, addValidationSchema);
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name, key, host, hostname, known_hosts } = req;
+    harper_logger_js_1.default?.trace('adding ssh key', name);
+    const { filePath, configFile, knownHostsFile } = getSSHPaths(name);
+    // Check if the key already exists
+    if (await exists(filePath)) {
+        throw new hdbError_js_1.ClientError('Key already exists. Use update_ssh_key or delete_ssh_key and then add_ssh_key');
+    }
+    // Create the key file
+    await writeFileEnsureDir(filePath, key);
+    await (0, promises_1.chmod)(filePath, 0o600);
+    // Build the config block string
+    const configBlock = `#${name}
+Host ${host}
+	HostName ${hostname}
+	User git
+	IdentityFile ${filePath}
+	IdentitiesOnly yes`;
+    // If the file already exists, add a new config block, otherwise write the file for the first time
+    if (await exists(configFile)) {
+        await (0, promises_1.appendFile)(configFile, '\n' + configBlock);
+    }
+    else {
+        await writeFileEnsureDir(configFile, configBlock);
+    }
+    let additionalMessage = '';
+    // Create the known_hosts file and set permissions if missing
+    if (!(await exists(knownHostsFile))) {
+        await writeFileEnsureDir(knownHostsFile, '');
+        await (0, promises_1.chmod)(knownHostsFile, 0o600);
+    }
+    // If adding a github.com ssh key download it automatically
+    if (hostname === 'github.com') {
+        const fileContents = await (0, promises_1.readFile)(knownHostsFile, 'utf8');
+        // Check if there's already github.com entries
+        if (!fileContents.includes('github.com')) {
+            try {
+                const response = await fetch('https://api.github.com/meta');
+                const respJson = await response.json();
+                const sshKeys = respJson['ssh_keys'];
+                for (const knownHost of sshKeys) {
+                    await (0, promises_1.appendFile)(knownHostsFile, 'github.com ' + knownHost + '\n');
+                }
+            }
+            catch {
+                additionalMessage =
+                    '. Unable to get known hosts from github.com. Set your known hosts manually using set_ssh_known_hosts.';
+            }
+        }
+    }
+    if (known_hosts) {
+        await (0, promises_1.appendFile)(knownHostsFile, known_hosts);
+    }
+    let response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = `Added ssh key: ${name}${additionalMessage}`;
+    return response;
+}
+/**
+ * Retrieves an SSH key by name, along with any associated Host and HostName
+ * configuration from the SSH config file.
+ *
+ * @param req - The request object containing the key name.
+ * @param req.name - The name of the SSH key to retrieve.
+ * @returns An object containing the key name, the key contents, and optionally
+ * the Host and HostName from the SSH config file.
+ */
+async function getSSHKey(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, getSSHKeyValidationSchema);
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name } = req;
+    const { filePath, configFile } = getSSHPaths(name);
+    if (!(await exists(filePath))) {
+        throw new hdbError_js_1.ClientError(`SSH key '${name}' does not exist.`);
+    }
+    harper_logger_js_1.default?.trace(`getting ssh key`, name, filePath);
+    const key = await (0, promises_1.readFile)(filePath, 'utf8');
+    const result = { name, key };
+    if (await exists(configFile)) {
+        const configContents = await (0, promises_1.readFile)(configFile, 'utf8');
+        const { host, hostname } = extractMatchingHostAndHostname(configContents, name);
+        if (host)
+            result.host = host;
+        if (hostname)
+            result.hostname = hostname;
+    }
+    return result;
+}
+/**
+ * Updates an existing SSH key by overwriting the key file with new contents.
+ *
+ * @param req - The request object containing the updated key details.
+ * @param req.name - The name of the SSH key to update.
+ * @param req.key - The new SSH key contents to write to disk.
+ * @returns An object containing a success message and optional replication results.
+ */
+async function updateSSHKey(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, updateSSHKeyValidationSchema);
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name, key } = req;
+    harper_logger_js_1.default?.trace(`updating ssh key`, name);
+    const { filePath } = getSSHPaths(name);
+    if (!(await exists(filePath))) {
+        throw new hdbError_js_1.ClientError(`SSH key '${name}' does not exist. Use add_ssh_key to create it.`);
+    }
+    await writeFileEnsureDir(filePath, key);
+    await (0, promises_1.chmod)(filePath, 0o600);
+    const response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = `Updated ssh key: ${name}`;
+    return response;
+}
+/**
+ * Deletes an existing SSH key and removes its associated config block from
+ * the SSH config file.
+ *
+ * @param req - The request object containing the key name.
+ * @param req.name - The name of the SSH key to delete.
+ * @returns An object containing a success message and optional replication results.
+ */
+async function deleteSSHKey(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, deleteSSHKeyValidationSchema);
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name } = req;
+    harper_logger_js_1.default?.trace(`deleting ssh key`, name);
+    const { filePath, configFile } = getSSHPaths(name);
+    if (!(await exists(filePath))) {
+        throw new hdbError_js_1.ClientError(`SSH key '${name}' does not exist.`);
+    }
+    if (await exists(configFile)) {
+        const escapedName = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+        const configBlockRegex = new RegExp(`#${escapedName}[\\S\\s]*?IdentitiesOnly yes`, 'g');
+        const fileContents = (await (0, promises_1.readFile)(configFile, 'utf8')).replace(configBlockRegex, '').trim();
+        await writeFileEnsureDir(configFile, fileContents);
+    }
+    await (0, promises_1.unlink)(filePath);
+    const response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = `Deleted ssh key: ${name}`;
+    return response;
+}
+/**
+ * Lists all SSH keys along with their associated Host and HostName
+ * configuration from the SSH config file.
+ *
+ * @returns An array of objects containing the key name and optionally
+ * the Host and HostName from the SSH config file.
+ */
+async function listSSHKeys() {
+    const { sshDir, configFile } = getSSHPaths(undefined);
+    if (!(await exists(sshDir)))
+        return [];
+    const EXCLUDED_FILES = new Set(['known_hosts', 'config']);
+    const configContents = (await exists(configFile)) ? await (0, promises_1.readFile)(configFile, 'utf8') : null;
+    const files = await (0, promises_1.readdir)(sshDir);
+    return files
+        .filter((file) => !EXCLUDED_FILES.has(file))
+        .map((file) => {
+        const name = (0, node_path_1.basename)(file, '.key');
+        const result = { name };
+        if (configContents) {
+            const { host, hostname } = extractMatchingHostAndHostname(configContents, name);
+            if (host)
+                result.host = host;
+            if (hostname)
+                result.hostname = hostname;
+        }
+        return result;
+    });
+}
+/**
+ * Extracts the Host and HostName values from an SSH config block matching
+ * the given key name. Config blocks are identified by a leading comment
+ * in the format `#keyName`.
+ *
+ * @param configContents - The full contents of the SSH config file.
+ * @param name - The name of the SSH key whose config block to extract from.
+ * @returns An object containing the optional Host and HostName values from
+ * the matching config block, or an empty object if no match is found.
+ */
+function extractMatchingHostAndHostname(configContents, name) {
+    const escapedName = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const configBlockRegex = new RegExp(`#${escapedName}[\\S\\s]*?IdentitiesOnly yes`, 'g');
+    const match = configContents.match(configBlockRegex);
+    if (!match?.[0])
+        return {};
+    const configBlock = match[0];
+    const host = configBlock.match(/^Host\s+(.+)$/m)?.[1]?.trim();
+    const hostname = configBlock.match(/^\s*HostName\s+(.+)$/m)?.[1]?.trim();
+    return {
+        ...(host && { host }),
+        ...(hostname && { hostname }),
+    };
+}
+/**
+ * Overwrites the SSH known_hosts file with the provided entries.
+ *
+ * @param req - The request object containing the known_hosts entries.
+ * @param req.known_hosts - The known_hosts entries to write to the file.
+ * @returns An object containing a success message and optional replication results.
+ */
+async function setSSHKnownHosts(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, setSSHKnownHostsValidationSchema);
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { known_hosts } = req;
+    harper_logger_js_1.default?.trace(`setting ssh known hosts`);
+    const { knownHostsFile } = getSSHPaths(undefined);
+    await writeFileEnsureDir(knownHostsFile, known_hosts);
+    await (0, promises_1.chmod)(knownHostsFile, 0o600);
+    const response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = `Known hosts successfully set`;
+    return response;
+}
+/**
+ * Retrieves the contents of the SSH known_hosts file.
+ *
+ * @returns An object containing the known_hosts file contents,
+ * or `null` if the file does not exist.
+ */
+async function getSSHKnownHosts() {
+    harper_logger_js_1.default?.trace(`getting ssh known hosts`);
+    const { knownHostsFile } = getSSHPaths(undefined);
+    if (!(await exists(knownHostsFile))) {
+        return { known_hosts: null };
+    }
+    return { known_hosts: await (0, promises_1.readFile)(knownHostsFile, 'utf8') };
+}
+// These will register the operations for the operations API. For now the method and schema are ignored,
+// they are there for when build the REST interface for operations API
+server.registerOperation?.({
+    name: 'add_ssh_key',
+    execute: addSSHKey,
+    httpMethod: 'PUT',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'get_ssh_key',
+    execute: getSSHKey,
+    httpMethod: 'GET',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'update_ssh_key',
+    execute: updateSSHKey,
+    httpMethod: 'PATCH',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'delete_ssh_key',
+    execute: deleteSSHKey,
+    httpMethod: 'DELETE',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'list_ssh_keys',
+    execute: listSSHKeys,
+    httpMethod: 'GET',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'set_ssh_known_hosts',
+    execute: setSSHKnownHosts,
+    httpMethod: 'PUT',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+server.registerOperation?.({
+    name: 'get_ssh_known_hosts',
+    execute: getSSHKnownHosts,
+    httpMethod: 'GET',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+//# sourceMappingURL=sshKeyOperations.js.map

package/dist/security/sshKeyOperations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sshKeyOperations.js","sourceRoot":"","sources":["../../security/sshKeyOperations.ts"],"names":[],"mappings":";;;;;AAAA,8CAAsB;AACtB,yCAAoD;AACpD,+CAAqH;AAErH,kFAA2E;AAC3E,gGAAoE;AACpE,oEAAiE;AACjE,6DAA4D;AAC5D,8GAAoE;AACpE,gEAAkE;AAElE,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG,kBAAkB,CAAC;AAC9C,MAAM,sBAAsB,GAAG,4EAA4E,CAAC;AAE5G,yDAAyD;AACzD,MAAM,MAAM,GAAG,KAAK,EAAE,IAAY,EAAoB,EAAE,CACvD,IAAA,iBAAM,EAAC,IAAI,EAAE,oBAAS,CAAC,IAAI,CAAC;KAC1B,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;KAChB,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;AAEtB,gEAAgE;AAChE,KAAK,UAAU,kBAAkB,CAAC,QAAgB,EAAE,IAAY;IAC/D,MAAM,IAAA,gBAAK,EAAC,IAAA,mBAAO,EAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,IAAA,oBAAS,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,mBAAmB,GAAG,aAAG,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,CAAC;IACrH,GAAG,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,QAAQ,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,aAAG,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,aAAG,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,GAAG,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,aAAG,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,gCAAgC,GAAG,aAAG,CAAC,MAAM,CAAC;IACnD,WAAW,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH,SAAS,WAAW,CAAC,OAA2B;IAM/C,MAAM,OAAO,GAAG,+BAAG,CAAC,GAAG,CAAC,2BAAa,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAA,gBAAI,EAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,IAAA,gBAAI,EAAC,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAA,gBAAI,EAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAEnD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC;AACzD,CAAC;AAUD;;;;;;;;;;;;GAYG;AACH,KAAK,UAAU,SAAS,CAAC,GAAqB;IAC7C,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;IAC9D,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;IACvD,0BAAY,EAAE,KAAK,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;IAE5C,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnE,kCAAkC;IAClC,IAAI,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,yBAAW,CAAC,+EAA+E,CAAC,CAAC;IACxG,CAAC;IAED,sBAAsB;IACtB,MAAM,kBAAkB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACxC,MAAM,IAAA,gBAAK,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAE7B,gCAAgC;IAChC,MAAM,WAAW,GAAG,IAAI,IAAI;OACtB,IAAI;YACC,QAAQ;;gBAEJ,QAAQ;oBACJ,CAAC;IAEpB,kGAAkG;IAClG,IAAI,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAA,qBAAU,EAAC,UAAU,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACP,MAAM,kBAAkB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAE3B,6DAA6D;IAC7D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,kBAAkB,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,IAAA,gBAAK,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAED,2DAA2D;IAC3D,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAW,MAAM,IAAA,mBAAQ,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAEpE,8CAA8C;QAC9C,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,CAAC,CAAC;gBAC5D,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;gBACrC,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;oBACjC,MAAM,IAAA,qBAAU,EAAC,cAAc,EAAE,aAAa,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;gBACpE,CAAC;YACF,CAAC;YAAC,MAAM,CAAC;gBACR,iBAAiB;oBAChB,uGAAuG,CAAC;YAC1G,CAAC;QACF,CAAC;IACF,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QACjB,MAAM,IAAA,qBAAU,EAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,QAAQ,GAAG,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IAC7C,QAAQ,CAAC,OAAO,GAAG,kBAAkB,IAAI,GAAG,iBAAiB,EAAE,CAAC;IAEhE,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,SAAS,CAAC,GAExB;IACA,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IACpE,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnD,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,yBAAW,CAAC,YAAY,IAAI,mBAAmB,CAAC,CAAC;IAC5D,CAAC;IAED,0BAAY,EAAE,KAAK,CAAC,iBAAiB,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAEvD,MAAM,GAAG,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAoE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAE9F,IAAI,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,MAAM,IAAA,mBAAQ,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,8BAA8B,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAChF,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7B,IAAI,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC1C,CAAC;IAED,OAAO,MAAM,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,YAAY,CAAC,GAAkC;IAC7D,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;IACvE,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAC1B,0BAAY,EAAE,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAE9C,MAAM,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,yBAAW,CAAC,YAAY,IAAI,iDAAiD,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,kBAAkB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACxC,MAAM,IAAA,gBAAK,EAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAE7B,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IAC/C,QAAQ,CAAC,OAAO,GAAG,oBAAoB,IAAI,EAAE,CAAC;IAC9C,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,YAAY,CAAC,GAAqB;IAChD,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;IACvE,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,0BAAY,EAAE,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;IAE9C,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,yBAAW,CAAC,YAAY,IAAI,mBAAmB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,gBAAgB,GAAG,IAAI,MAAM,CAAC,IAAI,WAAW,8BAA8B,EAAE,GAAG,CAAC,CAAC;QACxF,MAAM,YAAY,GAAG,CAAC,MAAM,IAAA,mBAAQ,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/F,MAAM,kBAAkB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,IAAA,iBAAM,EAAC,QAAQ,CAAC,CAAC;IAEvB,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IAC/C,QAAQ,CAAC,OAAO,GAAG,oBAAoB,IAAI,EAAE,CAAC;IAC9C,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW;IACzB,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAkB,CAAC,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,mBAAQ,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7G,MAAM,KAAK,GAAa,MAAM,IAAA,kBAAO,EAAC,MAAM,CAAC,CAAC;IAC9C,OAAO,KAAK;SACV,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;SAC3C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACb,MAAM,IAAI,GAAW,IAAA,oBAAQ,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAuD,EAAE,IAAI,EAAE,CAAC;QAE5E,IAAI,cAAc,EAAE,CAAC;YACpB,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,8BAA8B,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YAChF,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;YAC7B,IAAI,QAAQ;gBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,8BAA8B,CAAC,cAAsB,EAAE,IAAY;IAC3E,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAChE,MAAM,gBAAgB,GAAG,IAAI,MAAM,CAAC,IAAI,WAAW,8BAA8B,EAAE,GAAG,CAAC,CAAC;IACxF,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAErD,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAE3B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAE7B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAC9D,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAEzE,OAAO;QACN,GAAG,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;QACrB,GAAG,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,CAAC;KAC7B,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,gBAAgB,CAAC,GAA4B;IAC3D,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAAC,GAAG,EAAE,gCAAgC,CAAC,CAAC;IAC3E,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC;IAC5B,0BAAY,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAE/C,MAAM,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,kBAAkB,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACtD,MAAM,IAAA,gBAAK,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IAC/C,QAAQ,CAAC,OAAO,GAAG,8BAA8B,CAAC;IAElD,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,gBAAgB;IAC9B,0BAAY,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/C,MAAM,EAAE,cAAc,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,MAAM,IAAA,mBAAQ,EAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC;AAChE,CAAC;AAED,wGAAwG;AACxG,sEAAsE;AACtE,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,aAAa;IACnB,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,aAAa;IACnB,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,YAAY;IACrB,UAAU,EAAE,OAAO;IACnB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,YAAY;IACrB,UAAU,EAAE,QAAQ;IACpB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,eAAe;IACrB,OAAO,EAAE,WAAW;IACpB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,qBAAqB;IAC3B,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,qBAAqB;IAC3B,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC"}

package/licensing/usageLicensing.ts

@@ -0,0 +1,262 @@
+import { type ValidatedLicense, validateLicense, initPublicKey } from './validation.ts';
+import { ClientError } from '../core/utility/errors/hdbError.js';
+import { onAnalyticsAggregate } from '../core/resources/analytics/write.ts';
+import { transaction } from '../core/resources/transaction.ts';
+import { databases } from '../core/resources/databases.ts';
+import { watch } from 'chokidar';
+import path from 'node:path';
+import * as fs from 'node:fs/promises';
+import type { Stats } from 'node:fs';
+import * as configUtils from '../core/config/configUtils.js';
+import * as terms from '../core/utility/hdbTerms.ts';
+import type { Server } from '../core/server/Server.ts';
+import type { Scope } from "../core/components/Scope.ts";
+
+// eslint-disable-next-line no-unused-vars
+export const suppressHandleApplicationWarning = true;
+
+let logger: any;
+
+class ExistingLicenseError extends Error {}
+
+interface InstallLicenseRequest {
+	operation: 'install_usage_license';
+	license: string;
+}
+
+interface UsageLicense extends ValidatedLicense {
+	usedReads?: number;
+	usedReadBytes?: number;
+	usedWrites?: number;
+	usedWriteBytes?: number;
+	usedRealTimeMessages?: number;
+	usedRealTimeBytes?: number;
+	usedCpuTime?: number;
+	usedStorage?: number;
+}
+
+interface GetUsageLicenseParams {
+	region?: string;
+}
+
+interface GetUsageLicensesReq extends GetUsageLicenseParams {
+	operation: 'get_usage_licenses';
+}
+
+let licenseRegion: string | undefined;
+let licenseConsoleErrorPrinted = false;
+let licenseWarningIntervalId: NodeJS.Timeout;
+const LICENSE_NAG_PERIOD = 600000; // ten minutes
+
+export function handleApplication({ server, logger, options }: Scope) {
+	const region = options.get(terms.CONFIG_PARAMS.LICENSE_REGION.split('_')) as string;
+	const mode = options.get(terms.CONFIG_PARAMS.LICENSE_MODE.split('_')) as string;
+	initUsageLicensing({ server, logger, license: { region, mode } });
+}
+
+interface LicenseParams {
+	region: string,
+	mode: string,
+}
+
+interface UsageLicensingInitParams {
+	server: Server,
+	logger: any,
+	license: LicenseParams,
+}
+
+export function initUsageLicensing(params: UsageLicensingInitParams) {
+	logger = params.logger;
+
+	initPublicKey(params.license.mode);
+
+	licenseRegion = params.license.region;
+
+	const { server } = params;
+
+	// TODO: This only injects this header on resource API requests.
+	//       It might be good to add a way for internal plugins to
+	//       add headers to operations API requests as well.
+	server.http(async (request, nextHandler) => {
+		const response = nextHandler(request);
+		if (response) {
+			if (!response.headers?.set) {
+				(response as any).headers = new Headers(response.headers);
+			}
+			if (await isLicensed()) {
+				response.headers.set('Server', 'Harper Pro');
+			} else {
+				response.headers.set(
+					'Server',
+					'Unlicensed Harper Pro, this should only be used for educational and development purposes'
+				);
+			}
+		}
+		return response;
+	});
+
+	onAnalyticsAggregate(recordUsage);
+
+	server.registerOperation?.({
+		name: 'install_usage_license',
+		execute: installUsageLicenseOp,
+		httpMethod: 'POST',
+	});
+
+	server.registerOperation?.({
+		name: 'get_usage_licenses',
+		execute: getUsageLicensesOp,
+		httpMethod: 'GET',
+	});
+
+	const licensesPath = path.join(path.dirname(configUtils.getConfigFilePath()), 'licenses');
+	const watchOptions = {
+		persistent: false,
+		ignoreInitial: false,
+		depth: 0,
+		ignored: (file: string, stats: Stats) => stats?.isFile() && !file.endsWith('.txt'),
+	};
+	watch(licensesPath, watchOptions).on('add', loadLicenseFile);
+}
+
+async function installUsageLicenseOp(req: InstallLicenseRequest): Promise<string> {
+	const license = req.license;
+	try {
+		await installUsageLicense(license);
+	} catch (cause) {
+		const error = new ClientError('Failed to install usage license; ' + cause.message);
+		error.cause = cause;
+		throw error;
+	}
+	return 'Successfully installed usage license';
+}
+
+async function installUsageLicense(license: string): Promise<void> {
+	const validatedLicense = validateLicense(license);
+	const { id } = validatedLicense;
+	const existingLicense = await databases.system.hdb_license.get(id);
+	if (existingLicense) {
+		throw new ExistingLicenseError(`A usage license with ${id} already exists`);
+	}
+	logger.info?.('Installing usage license:', validatedLicense);
+	return databases.system.hdb_license.put(id, validatedLicense);
+}
+
+export function isActiveLicense(license: UsageLicense): boolean {
+	return (
+		(license.reads === -1 || (license.usedReads ?? 0) < license.reads) &&
+		(license.readBytes === -1 || (license.usedReadBytes ?? 0) < license.readBytes) &&
+		(license.writes === -1 || (license.usedWrites ?? 0) < license.writes) &&
+		(license.writeBytes === -1 || (license.usedWriteBytes ?? 0) < license.writeBytes) &&
+		(license.realTimeMessages === -1 || (license.usedRealTimeMessages ?? 0) < license.realTimeMessages) &&
+		(license.realTimeBytes === -1 || (license.usedRealTimeBytes ?? 0) < license.realTimeBytes) &&
+		(license.cpuTime === -1 || (license.usedCpuTime ?? 0) < license.cpuTime) &&
+		(license.storage === -1 || (license.usedStorage ?? 0) < license.storage)
+	);
+}
+
+export async function getActiveLicense(): Promise<UsageLicense | undefined> {
+	const licenseQuery = {
+		sort: { attribute: '__createdtime__' },
+		conditions: [{ attribute: 'expiration', comparator: 'greater_than', value: new Date().toISOString() }],
+	};
+	if (licenseRegion !== undefined) {
+		licenseQuery.conditions.push({ attribute: 'region', comparator: 'equals', value: licenseRegion });
+	}
+	const results = databases.system.hdb_license?.search(licenseQuery as any);
+	for await (const license of results ?? []) {
+		if (isActiveLicense(license)) {
+			return license;
+		}
+	}
+	return undefined;
+}
+
+export async function isLicensed(): Promise<boolean> {
+	const activeLicense = await getActiveLicense();
+	return activeLicense !== undefined;
+}
+
+async function recordUsage(analytics: any) {
+	logger.trace?.('Recording usage into license from analytics');
+	const activeLicenseId = (await getActiveLicense())?.id;
+	if (activeLicenseId) {
+		logger.trace?.('Found license to record usage into:', activeLicenseId);
+		const context: any = {};
+		transaction(context, () => {
+			const updatableActiveLicense = databases.system.hdb_license.update(activeLicenseId, context);
+			for (const analyticsRecord of analytics) {
+				logger.trace?.('Processing analytics record:', analyticsRecord);
+				switch (analyticsRecord.metric) {
+					case 'db-read':
+						logger.trace?.('Recording read usage into license');
+						updatableActiveLicense.addTo('usedReads', analyticsRecord.count);
+						updatableActiveLicense.addTo('usedReadBytes', analyticsRecord.mean * analyticsRecord.count);
+						break;
+					case 'db-write':
+						logger.trace?.('Recording write usage into license');
+						updatableActiveLicense.addTo('usedWrites', analyticsRecord.count);
+						updatableActiveLicense.addTo('usedWriteBytes', analyticsRecord.mean * analyticsRecord.count);
+						break;
+					case 'db-message':
+						logger.trace?.('Recording message usage into license');
+						updatableActiveLicense.addTo('usedRealTimeMessages', analyticsRecord.count);
+						updatableActiveLicense.addTo('usedRealTimeBytes', analyticsRecord.mean * analyticsRecord.count);
+						break;
+					case 'cpu-usage':
+						if (analyticsRecord.path === 'user') {
+							logger.trace?.('Recording CPU usage into license');
+							updatableActiveLicense.addTo('usedCpuTime', (analyticsRecord.mean * analyticsRecord.count) / 3600);
+						}
+						break;
+					default:
+						logger.trace?.('Skipping metric:', analyticsRecord.metric);
+				}
+			}
+		});
+	} else if (!process.env.DEV_MODE) {
+		const msg =
+			'This server does not have valid usage licenses, this should only be used for educational and development purposes.';
+		if (!licenseConsoleErrorPrinted) {
+			console.error(msg);
+			licenseConsoleErrorPrinted = true;
+		}
+		if (licenseWarningIntervalId === undefined) {
+			licenseWarningIntervalId = setInterval(() => {
+				logger.notify?.(msg);
+			}, LICENSE_NAG_PERIOD).unref();
+		}
+	}
+}
+
+function getUsageLicensesOp(req: GetUsageLicensesReq): AsyncIterable<UsageLicense> {
+	const params: GetUsageLicenseParams = {};
+	if (req.region) {
+		params.region = req.region;
+	}
+	return getUsageLicenses(params);
+}
+
+export function getUsageLicenses(params?: GetUsageLicenseParams): AsyncIterable<UsageLicense> {
+	const conditions = [];
+	const attrs = typeof params === 'object' ? Object.keys(params) : [];
+	if (attrs.length > 0) {
+		attrs.forEach((attribute) => {
+			conditions.push({ attribute, comparator: 'equals', value: params[attribute] });
+		});
+	}
+	return databases.system.hdb_license.search({
+		sort: { attribute: '__createdtime__' },
+		conditions,
+	} as any);
+}
+
+async function loadLicenseFile(filePath: string) {
+	logger.trace?.('Loading usage license from file:', filePath);
+	const encodedLicense = await fs.readFile(filePath, { encoding: 'utf-8' });
+	try {
+		await installUsageLicense(encodedLicense);
+	} catch (err) {
+		logger.error?.('Failed to install usage license from file:', filePath, err);
+	}
+}